Skip to content

GitHub Webhook Signature Token

Service Name: GitHub

Service Description: GitHub is a web-based platform for version control and collaboration that enables developers to store, manage, track, and control changes to their code. It provides hosting for software development and version control using Git.

Service Address: https://github.com

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through GitHub Enterprise security settings.

Secret Access Scope: Grants the ability to verify the authenticity of webhook payloads sent from GitHub to your application. This token is used to create a signature that validates that incoming webhook requests are genuinely from GitHub.

Secret Revokement URL: https://github.com/settings/hooks

Secret Example: webhook_secret_87d4c9a53e1b5f2dc5271565bce3ec19c3e3a9e2

Suspicious Activity Investigation Instructions:

  • Review your application logs for unexpected webhook processing or signature validation failures.
  • Check GitHub webhook delivery logs in your repository settings to verify recent webhook deliveries.
  • Examine your GitHub repository's webhook configuration for unauthorized changes.
  • Monitor for unexpected code changes or actions that might have been triggered by webhook events.
  • Review GitHub audit logs for changes to webhook configurations.

Mitigation Instructions:

  • Navigate to your GitHub repository settings.
  • Select "Webhooks" from the left sidebar.
  • Find the webhook with the compromised secret.
  • Click "Edit" on the webhook.
  • Generate a new secret by clicking "Change Secret".
  • Enter a new strong random secret or use GitHub's generated one.
  • Update your application to use the new webhook secret.
  • Click "Update webhook" to save changes.
  • Verify webhook deliveries are working correctly with the new secret.
  • Review recent activities triggered by webhooks to identify any unauthorized actions.